Credential Vault
Included in Version | Release Date |
---|---|
V4.3.46.0 |
As part of our ongoing efforts to increase usability and security in Guardian, we have introduced a new 'Credential Vault' service that enables you to safely store your credentials within the Guardian database. Using industry-standard asymmetric encryption, any credentials stored within the 'vault' are encrypted/decrypted with public/private key pairs that are generated and managed by Guardian Connection Managers. Once stored, those credentials can be used to add/edit an unlimited number of nodes, without needing to manually enter them each time. This is an optional feature. To enable the Credential Vault service, contact your Cloudhouse Representative.
Note: The use of asymmetric encryption in Guardian is not new functionality. This is the primary method for storing passwords in Guardian.
As part of this development, a new Credentials tab has been added to the Guardian Inventory. Here, you can add, edit, view, and delete credentials from your Guardian instance. By storing the credentials in one location, you no longer need to update new or expired credentials within each individual node, as you can edit the credential within the Credentials tab and have Guardian update each node accordingly. For more information on how to add stored credentials to a node, see Use Credentials.
Tip: The credentials stored in this tab are specific to the organization they were created in. For more information, see Credentials.
Create Credentials
Once you create a credential, it is stored in the Guardian database and available to use when adding or editing a node.
To add a new set of credentials to your Guardian instance, complete the following steps:
- In the Guardian web application, navigate to the Credentials tab (Inventory > Credentials).
- Click the Create Credential button. The Create Credential page is displayed.
- Complete the following options:

  Option | Description |
  ---|---|
  Name field | The display name for the credential within Guardian. For example, 'AWS Access Key ID'. |
  Description field | (Optional) Option to provide a description of the credential to distinguish it amongst others. For example, 'The AWS Access Key ID for the DEV account'. |
  Connection Manager Group drop-down list | (Optional) Option to select a Connection Manager group from the drop-down list to associate it with the credential. Note: If no Connection Manager group is selected, the password is still encrypted. |
  Username field | (Optional) Option to add the username associated with the Password field. |
  Password field | The password for the credential. |
  Secondary Password field | (Optional) Option to add a secondary password. |

- Once complete, click the Save Credential button.
The credential is then created and stored in the Credentials tab. Here, you can Edit or Delete existing credentials by clicking the Ellipsis button in the Actions column and selecting the corresponding option.
Note: Once a credential is deleted, it is permanently removed from your Guardian instance and cannot be retrieved.
Use Credentials
A new Credentials drop-down list is available to use when adding or editing one of the following node types:
Tip: Additionally, when adding or editing Integrations that include a Virtual Machine, such as AWS EC2 and Azure Virtual Machines, any corresponding stored credentials can also be used.
The drop-down list is populated with the stored credentials in the Credentials tab. For more information on how to add a credential, see Create Credentials.
To use stored credentials when adding or editing a node, complete the following steps:
- On the Add/Edit Node page, select an option from the Connection manager group drop-down list.
  Note: If no Connection Manager group is associated with the credential, you can skip this step.
- Then, select the Password radio button. The new Credentials drop-down list is displayed.
- Select a stored credential from the Credentials drop-down list.
  Note: Additionally, you can select 'Add New Credential' from the drop-down list to display the Create Credential dialog. For more information on how to create a credential, see Create Credentials.
- Finally, click to Update or Scan Node.
Once complete, the credentials are used to authenticate Guardian's access to the target node and are saved within the node's settings. For more information on how to add/edit a node, see Add Nodes and Edit Node.
Tip: This is an optional feature. To enable the Credential Vault service, contact your Cloudhouse Representative.